arm/arm64: KVM: Turn kvm_psci_version into a static inline

Commit a4097b351118 upstream.

We're about to need kvm_psci_version in HYP too. So let's turn it
into a static inline, and pass the kvm structure as a second
parameter (so that HYP can do a kern_hyp_va on it).

Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 2cfe8929f6247dbee8def7e94f334909fe5ac084)

CVE-2017-5753
CVE-2017-5715
CVE-2017-5754

Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Brad Figg <brad.figg@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

diff --git a/arch/arm64/kvm/hyp/switch.c b/arch/arm64/kvm/hyp/switch.c
index 67f0ee24a406f901783b5e07b37939028474ac4e..6568656147c0f69fbaac77d214edd6afa6393dad 100644 (file)
--- a/arch/arm64/kvm/hyp/switch.c
+++ b/arch/arm64/kvm/hyp/switch.c
@@ -19,6 +19,8 @@
 #include <linux/jump_label.h>
 #include <uapi/linux/psci.h>
 
+#include <kvm/arm_psci.h>
+
 #include <asm/kvm_asm.h>
 #include <asm/kvm_emulate.h>
 #include <asm/kvm_hyp.h>
@@ -325,14 +327,16 @@ again:
 
        if (exit_code == ARM_EXCEPTION_TRAP &&
            (kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC64 ||
-            kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC32) &&
-           vcpu_get_reg(vcpu, 0) == PSCI_0_2_FN_PSCI_VERSION) {
-               u64 val = PSCI_RET_NOT_SUPPORTED;
-               if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features))
-                       val = 2;
-
-               vcpu_set_reg(vcpu, 0, val);
-               goto again;
+            kvm_vcpu_trap_get_class(vcpu) == ESR_ELx_EC_HVC32)) {
+               u32 val = vcpu_get_reg(vcpu, 0);
+
+               if (val == PSCI_0_2_FN_PSCI_VERSION) {
+                       val = kvm_psci_version(vcpu, kern_hyp_va(vcpu->kvm));
+                       if (unlikely(val == KVM_ARM_PSCI_0_1))
+                               val = PSCI_RET_NOT_SUPPORTED;
+                       vcpu_set_reg(vcpu, 0, val);
+                       goto again;
+               }
        }
 
        if (static_branch_unlikely(&vgic_v2_cpuif_trap) &&

diff --git a/include/kvm/arm_psci.h b/include/kvm/arm_psci.h
index ed1dd8088f1cd7aa722fc2d45126693e4a91787c..e518e4e3dfb50a83520a3b8100c3c27899c15bdf 100644 (file)
--- a/include/kvm/arm_psci.h
+++ b/include/kvm/arm_psci.h
@@ -18,6 +18,7 @@
 #ifndef __KVM_ARM_PSCI_H__
 #define __KVM_ARM_PSCI_H__
 
+#include <linux/kvm_host.h>
 #include <uapi/linux/psci.h>
 
 #define KVM_ARM_PSCI_0_1       PSCI_VERSION(0, 1)
@@ -26,7 +27,25 @@
 
 #define KVM_ARM_PSCI_LATEST    KVM_ARM_PSCI_1_0
 
-int kvm_psci_version(struct kvm_vcpu *vcpu);
+/*
+ * We need the KVM pointer independently from the vcpu as we can call
+ * this from HYP, and need to apply kern_hyp_va on it...
+ */
+static inline int kvm_psci_version(struct kvm_vcpu *vcpu, struct kvm *kvm)
+{
+       /*
+        * Our PSCI implementation stays the same across versions from
+        * v0.2 onward, only adding the few mandatory functions (such
+        * as FEATURES with 1.0) that are required by newer
+        * revisions. It is thus safe to return the latest.
+        */
+       if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features))
+               return KVM_ARM_PSCI_LATEST;
+
+       return KVM_ARM_PSCI_0_1;
+}
+
+
 int kvm_hvc_call_handler(struct kvm_vcpu *vcpu);
 
 #endif /* __KVM_ARM_PSCI_H__ */

diff --git a/virt/kvm/arm/psci.c b/virt/kvm/arm/psci.c
index 46a98fee3ef50a272dc2ea3bc1356e2a9b97754d..e105c1153794b864eadd150a1f6176e5f3193038 100644 (file)
--- a/virt/kvm/arm/psci.c
+++ b/virt/kvm/arm/psci.c
@@ -123,7 +123,7 @@ static unsigned long kvm_psci_vcpu_on(struct kvm_vcpu *source_vcpu)
        if (!vcpu)
                return PSCI_RET_INVALID_PARAMS;
        if (!vcpu->arch.power_off) {
-               if (kvm_psci_version(source_vcpu) != KVM_ARM_PSCI_0_1)
+               if (kvm_psci_version(source_vcpu, kvm) != KVM_ARM_PSCI_0_1)
                        return PSCI_RET_ALREADY_ON;
                else
                        return PSCI_RET_INVALID_PARAMS;
@@ -232,14 +232,6 @@ static void kvm_psci_system_reset(struct kvm_vcpu *vcpu)
        kvm_prepare_system_event(vcpu, KVM_SYSTEM_EVENT_RESET);
 }
 
-int kvm_psci_version(struct kvm_vcpu *vcpu)
-{
-       if (test_bit(KVM_ARM_VCPU_PSCI_0_2, vcpu->arch.features))
-               return KVM_ARM_PSCI_LATEST;
-
-       return KVM_ARM_PSCI_0_1;
-}
-
 static int kvm_psci_0_2_call(struct kvm_vcpu *vcpu)
 {
        struct kvm *kvm = vcpu->kvm;
@@ -397,7 +389,7 @@ static int kvm_psci_0_1_call(struct kvm_vcpu *vcpu)
  */
 static int kvm_psci_call(struct kvm_vcpu *vcpu)
 {
-       switch (kvm_psci_version(vcpu)) {
+       switch (kvm_psci_version(vcpu, vcpu->kvm)) {
        case KVM_ARM_PSCI_1_0:
                return kvm_psci_1_0_call(vcpu);
        case KVM_ARM_PSCI_0_2: